Lex et Ratio Ltd

Privacy Notice

Explains how personal data are handled in connection with this website and professional communications.

1. Controller

Lex et Ratio Ltd (‘the Company’) is the data controller for the purposes of the UK General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018. The Company is registered in England and Wales (Company No. 16641457). Enquiries concerning this notice may be directed to: peter.kahl@juris.vc.

2. Scope

This notice explains how personal data are handled in connection with this website and related professional communications. The site is informational in nature and does not provide user accounts, marketing subscriptions, or behavioural tracking.

3. Personal Data Collected

The Company does not actively collect personal data through forms, profiling technologies, or analytics tools. Personal data may arise only where an individual chooses to initiate contact, typically by email.

Such data may include:

  • name
  • professional affiliation
  • contact details
  • the contents of correspondence

The Company does not seek to collect special category data and requests that such information not be transmitted unless strictly necessary.

4. Purposes of Processing

Personal data are processed solely for legitimate professional purposes, including:

  • responding to enquiries
  • assessing potential advisory engagements
  • maintaining professional correspondence
  • protecting the integrity and security of communications

Personal data are not used for marketing, behavioural analysis, automated decision-making, or profiling.

5. Lawful Basis

Processing is conducted under Article 6(1)(f) UK GDPR — legitimate interests — namely, the operation of a professional advisory practice and the ability to respond to unsolicited communications in a proportionate and expected manner.

Where communications relate to prospective engagements, processing may also be necessary for the taking of steps prior to entering into a contract (Article 6(1)(b)).

Processing of limited technical data for security monitoring (see §10) is likewise undertaken pursuant to Article 6(1)(f), reflecting the Company’s legitimate interest in maintaining the confidentiality, integrity, availability, and resilience of its systems and communications.

6. Data Sharing

Personal data are not sold, licensed, or disclosed for commercial purposes.

Data may be processed by infrastructure providers strictly as necessary for the operation and security of this website and associated communications (eg hosting providers, email services). Such processing occurs under appropriate contractual and confidentiality obligations.

Personal data may be disclosed where required by law or where necessary for the establishment, exercise, or defence of legal claims.

7. International Transfers

Where service providers operate outside the United Kingdom, transfers are undertaken only where lawful safeguards exist, such as adequacy regulations or standard contractual clauses.

8. Retention

Personal data are retained only for as long as reasonably necessary for professional correspondence, record-keeping, or legal protection. Irrelevant or stale communications are periodically deleted.

Security-related technical logs are retained for a limited period proportionate to their protective purpose and are routinely overwritten or deleted unless required for the investigation of operational faults, security incidents, or legal obligations.

9. Security

The Company applies proportionate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. No system can be guaranteed entirely secure; correspondents should exercise discretion in the information they choose to transmit electronically.

10. Cookies and Tracking

This website does not use cookies for tracking, analytics, advertising, or behavioural profiling.

Server logs necessarily record limited technical metadata — which may include IP addresses, request timestamps, and user-agent identifiers — for strictly defined security, stability, and diagnostic purposes.

Although such identifiers may constitute personal data under UK GDPR in certain contexts, they are processed solely to detect malicious activity, preserve service reliability, and support incident response.

Access to these logs is restricted to authorised administrative personnel and they are not repurposed for analytics, behavioural monitoring, marketing, or visitor identification.

11. Data Subject Rights

Under the UK GDPR, individuals have the right to:

  • request access to their personal data
  • request rectification of inaccurate data
  • request erasure where appropriate
  • object to processing based on legitimate interests
  • request restriction of processing
  • request data portability, where applicable

Requests should be directed to peter.kahl@juris.vc.

Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their data have been handled unlawfully.

12. Changes to This Notice

This notice may be updated from time to time to reflect legal or operational developments. The current version will always be published on this website.